feat: add configurable insecure TLS option for overlay networks #1289

Open

N4CH723HR3R wants to merge 2 commits from N4CH723HR3R/continuwuity:add-https-ignore into main

pull from: N4CH723HR3R/continuwuity:add-https-ignore

merge into: continuwuation:main

continuwuation:main

continuwuation:nex/feat/complement

continuwuation:renovate/rspress-plugin-client-redirects-2.x-lockfile

continuwuation:renovate/rust-patch-updates

continuwuation:renovate/rspress-plugin-preview-2.x-lockfile

continuwuation:renovate/rspress-core-2.x-lockfile

continuwuation:nex/stateres-refactor

continuwuation:ginger/deps/update-rspress

continuwuation:jade/admin-announce-improvements

continuwuation:aranje/illegal-car-mods

continuwuation:ginger/xtask-improvements

continuwuation:jade/improve-admin-config-display

continuwuation:nex/fix/better-stateres-error-logs

continuwuation:renovate/crate-ci-committed-1.x

continuwuation:jade/sender-timeouts

continuwuation:nex/feat/custom-v12-room-ids

continuwuation:ginger/update-metadata

continuwuation:renovate/rand-0.x

continuwuation:renovate/crate-ci-typos-1.x

continuwuation:nex/feat/admin-force-logout

continuwuation:renovate/lddtree-0.x

continuwuation:tom/max-perf-docs

continuwuation:renovate/github-actions-non-major

continuwuation:nex/fix/invalid-appservice-reg

continuwuation:nex/feat/antispam

continuwuation:nex/feat/account-locking

continuwuation:jade/logging-cleanup

continuwuation:jade/remove-legacy-appservice-auth

continuwuation:nex/fix/key-query

continuwuation:jade/update-prek

continuwuation:nex/fix/room-summaries

continuwuation:ginger/restrict-admin-commands

continuwuation:ginger/enable-console-by-default

continuwuation:jade/tag-fixes

continuwuation:jade/otlp

continuwuation:renovate/cargo-bins-cargo-binstall-1.x

continuwuation:nex/meta/pull-req-template

continuwuation:nex/fix/fed-invite-compliance

continuwuation:nex/feat/build-commit

continuwuation:nex/feat/join-logging

continuwuation:jade/mailmap-updates

continuwuation:jade/hack-ci-tmp

continuwuation:jade/v12-stable

continuwuation:jade/relations

continuwuation:renovate/axum-monorepo

continuwuation:ginger/database-refactor

continuwuation:jade/fix-ldap-uiaa

continuwuation:nex/fix/validation

continuwuation:ginger/nuke-invalid-msc4133-fields-in-migration

continuwuation:ginger/downgrade-artifact-actions

continuwuation:oddlid/reload-fix

continuwuation:jade/fix-assert

continuwuation:ginger/sync-v3-cleanup

continuwuation:renovate/ruma-digest

continuwuation:ginger/remove-absolute-action-urls

continuwuation:renovate/https-code.forgejo.org-actions-checkout-6.x

continuwuation:renovate/actions-checkout-6.x

continuwuation:jade/website

continuwuation:renovate/https-code.forgejo.org-actions-checkout-digest

continuwuation:nex/fix/backoff

continuwuation:renovate/bytes-1.x-lockfile

continuwuation:ginger/fix-mdbook-for-0.5

continuwuation:ginger/no-docker-on-prs

continuwuation:nex/mods

continuwuation:backport/v0.5.0-rc.8-1

continuwuation:renovate/hyper-1.x-lockfile

continuwuation:nex/fed-improvements

continuwuation:dahsa_uwu/axum-0.8

continuwuation:jade/rust-1.90

continuwuation:jade/mirror-dockerhub

continuwuation:jade/clippy-fixes

continuwuation:jade/fix-support

continuwuation:jade/clean-images

continuwuation:jade/wal-compression-type

continuwuation:jade/flake-clone

continuwuation:ginger/upload-rpms-on-schedule

continuwuation:nex/fix/incoming-fetch

continuwuation:nex/fix/upgrade

continuwuation:tom/ci-fedora-rpm

continuwuation:jade/ci-release-fix

continuwuation:jade/rocksdb-10-5

continuwuation:ginger/fix-msc4133-migration

continuwuation:ginger/migrate-busted-tz

continuwuation:hydra/public

continuwuation:nex/feat/manual-extremities

continuwuation:nex/feat/async-media

continuwuation:nex/feat/fast-joins-hack-do-not-use-DO-NOT-USE

continuwuation:nex/feat/better-logging

continuwuation:trigger-ci-so-latest-isnt-on-illegal-car-mods

continuwuation:nex/feat/pins-backfill

continuwuation:jade/tuwunel-2025-06-old

continuwuation:jade/ai-slop-db-docs

continuwuation:nex/fix-create-auth

continuwuation:jade/version-stats

continuwuation:jade/read-receipts

continuwuation:jade/rust-toolchain-no-targets

continuwuation:jade/logging-features

continuwuation:jade/syncv5-typing

continuwuation:jade/msc2815

continuwuation:jade/purge-sync-tokens

continuwuation:morguldir/see-eye

continuwuation:jade/css-small-screen

continuwuation:nex/wip-751

continuwuation:tuwunel-rebase

continuwuation:test

continuwuation:oddlid/rename-admin-room-bot

continuwuation:strawberry/nix-ci-stuff

continuwuation:strawberry/valgrind

continuwuation:phonemain

continuwuation:strawberry/morgs-snake-sync-jason-main

continuwuation:newer-media-endpoints

continuwuation:folly-coroutines-async-io

continuwuation:federation-retry-timer-port

continuwuation:bad-attempt-at-extracting-homeserver-signing-key

continuwuation:room-deletion-attempt-do-not-use

Conversation 1 Commits 2 Files changed 4 +51 -2

N4CH723HR3R commented 2026-01-13 03:06:46 +00:00

First-time contributor

Copy link

This pull request adds a config option to disable TLS checks based on a regex.
Invalid certs are used for servers on overlay networks like i2p or TOR

Closes: #834

Pull request checklist:

• This pull request targets the main branch, and the branch is named something other than
  main.
• I have written an appropriate pull request title and my description is clear.
• I understand I am responsible for the contents of this pull request.
• I have followed the contributing guidelines:
  • My contribution follows the code style, if applicable.
  • I ran pre-commit checks before opening/drafting this pull request.
  • I have tested my contribution (or proof-read it for documentation-only changes)
    myself, if applicable. This includes ensuring code compiles.
    (it runs via the provided nix shell)
  • My commit messages follow the commit message format and are descriptive.
  • I have written a news fragment for this PR, if applicable.

This pull request adds a config option to disable TLS checks based on a regex. Invalid certs are used for servers on overlay networks like i2p or TOR Closes: #834 **Pull request checklist:** <!-- You need to complete these before your PR can be considered. If you aren't sure about some, feel free to ask for clarification in #dev:continuwuity.org. --> - [x] This pull request targets the `main` branch, and the branch is named something other than `main`. - [x] I have written an appropriate pull request title and my description is clear. - [x] I understand I am responsible for the contents of this pull request. - I have followed the [contributing guidelines][c1]: - [x] My contribution follows the [code style][c2], if applicable. - [x] I ran [pre-commit checks][c1pc] before opening/drafting this pull request. - [x] I have [tested my contribution][c1t] (or proof-read it for documentation-only changes) myself, if applicable. This includes ensuring code compiles. (it runs via the provided nix shell) - [x] My commit messages follow the [commit message format][c1cm] and are descriptive. - [ ] I have written a [news fragment][n1] for this PR, if applicable<!--(can be done after hitting open!)-->. <!-- Notes on these requirements: - While not required, we encourage you to sign your commits with GPG or SSH to attest the authenticity of your changes. - While we allow LLM-assisted contributions, we do not appreciate contributions that are low quality, which is typical of machine-generated contributions that have not had a lot of love and care from a human. Please do not open a PR if all you have done is asked ChatGPT to tidy up the codebase with a +-100,000 diff. - In the case of code style violations, reviewers may leave review comments/change requests indicating what the ideal change would look like. For example, a reviewer may suggest you lower a log level, or use `match` instead of `if/else` etc. - In the case of code style violations, pre-commit check failures, minor things like typos/spelling errors, and in some cases commit format violations, reviewers may modify your branch directly, typically by making changes and adding a commit. Particularly in the latter case, a reviewer may rebase your commits to squash "spammy" ones (like "fix", "fix", "actually fix"), and reword commit messages that don't satisfy the format. - Pull requests MUST pass the `Checks` CI workflows to be capable of being merged. This can only be bypassed in exceptional circumstances. If your CI flakes, let us know in matrix:r/dev:continuwuity.org. - Pull requests have to be based on the latest `main` commit before being merged. If the main branch changes while you're making your changes, you should make sure you rebase on main before opening a PR. Your branch will be rebased on main before it is merged if it has fallen behind. - We typically only do fast-forward merges, so your entire commit log will be included. Once in main, it's difficult to get out cleanly, so put on your best dress, smile for the cameras! --> [c1]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md [c2]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/docs/development/code_style.mdx [c1pc]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#pre-commit-checks [c1t]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#running-tests-locally [c1cm]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#commit-messages [n1]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments

N4CH723HR3R added 1 commit 2026-01-13 03:06:47 +00:00

feat: add configurable insecure TLS option for overlay networks 4c56d66d3f

N4CH723HR3R added 1 commit 2026-01-13 03:10:15 +00:00

Merge remote-tracking branch 'origin' into add-https-ignore ca6f036ac7

N4CH723HR3R commented 2026-01-13 03:12:27 +00:00

Author

First-time contributor

Copy link

i still need to write a news fragment, right?

i still need to write a news fragment, right?

N4CH723HR3R added 1 commit 2026-01-13 19:20:33 +00:00

chore: reformat modified file 23f5aba894

N4CH723HR3R added 4 commits 2026-01-13 20:40:02 +00:00

feat: Admin announce improvements ... b77d02a5c5

- Check announcements on first start
- Print out any fetch errors on first start in the admin room
- Randomly jitter the next check

style: Fix yo unused variables 39eedc1d7f

chore: Changelog d163661e4f

feat: add configurable insecure TLS option for overlay networks e0f8711074

N4CH723HR3R force-pushed add-https-ignore from e0f8711074 to c429c9ca69 2026-01-13 20:49:35 +00:00 Compare

N4CH723HR3R force-pushed add-https-ignore from c429c9ca69 to 617538e351 2026-01-13 20:55:55 +00:00 Compare

N4CH723HR3R force-pushed add-https-ignore from 617538e351 to 01641a8364 2026-01-13 21:08:20 +00:00 Compare

All checks were successful

Hide all checks

Documentation / Build and Deploy Documentation (pull_request) Has been skipped

Details

Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 2m54s

Required

Details

Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 22m23s

Required

Details

This pull request is blocked because it's outdated.

This branch is out-of-date with the base branch

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u add-https-ignore:N4CH723HR3R-add-https-ignore

git switch N4CH723HR3R-add-https-ignore

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

Blocked

This pull request or issue is currently blocked from being merged/closed

  

Bug

Something isn't working as intended

  

Cherry-picking

Commits picked from other conduit projects

  

Database

This requires or includes changes to the database

  

Dependencies

Something dependency related

  

Dependencies/Renovate

Automatic dependency upgrades by Renovate

  

Difficulty

Easy

Low difficulty to implement - touches few parts of the codebase, low complexity

  

Difficulty

Hard

High difficulty to implement - touches many parts of the codebase, high complexity

  

Difficulty

Medium

Medium difficulty to implement - touches more parts of the codebase, higher complexity

  

Documentation

Improvements or additions to documentation

  

Enhancement

New feature or request

  

Good first issue

Good for newcomers

  

Help wanted

Additional eyes and keyboards are required for this one

  

Inherited

Issues that have been inhereted from the project pre-fork

  

Matrix/Administration

Features pertaining to homeserver administration

  

Matrix/Appservices

Features pertaining to the appservice API

  

Matrix/Auth

Features pertaining to authentication

  

Matrix/Client

Features pertaining to client-to-server interactions

  

Matrix/Core

Issues relating to core matrix functionality, such as state resolution and PDU formats

  

Matrix/Federation

Features pertaining to server-to-server interactions

  

Matrix/Hydra

Issues related to room version 12 and related changes (temporary label)

  

Matrix/MSC

Features pertaining to unstable matrix features

  

Matrix/Media

Features pertaining to media interactions

  

Meta

Related to housekeeping, maintenance, or other repo-meta.

  

Meta/CI

Issues related to CI changes

  

Meta/Packaging

Packaging

  

Priority

Blocking

This issue is blocking the next release

  

Priority

High

This issue is very important

  

Priority

Low

This issue is of a rather low priority

  

Security

This item is related to general security

  

Status

Confirmed

This issue has enough information and is confirmed

  

Status

Duplicate

This issue or pull request already exists

  

Status

Invalid

This issue doesn't seem right

  

Status

Needs Investigation

This issue needs further investigation

  

Support

Questions or support requests

  

To-Merge

  

Wont fix

This will not be worked on

  

old/ci/cd

Ci/CD

Archived

  

old/rust

Pull requests that update Rust code

Archived

No labels

Blocked

Bug

Cherry-picking

Database

Dependencies

Dependencies/Renovate

Difficulty

Easy

Difficulty

Hard

Difficulty

Medium

Documentation

Enhancement

Good first issue

Help wanted

Inherited

Matrix/Administration

Matrix/Appservices

Matrix/Auth

Matrix/Client

Matrix/Core

Matrix/Federation

Matrix/Hydra

Matrix/MSC

Matrix/Media

Meta

Meta/CI

Meta/Packaging

Priority

Blocking

Priority

High

Priority

Low

Security

Status

Confirmed

Status

Duplicate

Status

Invalid

Status

Needs Investigation

Support

To-Merge

Wont fix

old/ci/cd

old/rust

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

continuwuation/continuwuity!1289

No description provided.